1. Field of the Invention
Embodiments of the present invention relate generally to security objects used in communication systems and, more specifically, to generation, management, distribution, federation, and/or applied key management of security objects.
2. Background
In security systems, an encryption key refers to a parameter or data that dictates how plain data may be translated into encrypted data during an encryption process and encrypted data into plain data during a decryption process. Typically, the encryption key is made available both of a source device (e.g., a transmitting device) and a target device (e.g., a receiving device) in a communication transaction. Given that encryption keys are used pervasively, effective management of the encryption keys (as well as other security objects) to defend and respond to threats against the security systems is of paramount importance.
Traditionally, encryption key management is initiated and executed at the device level (e.g., by the source device and/or the target device that are involved in the communication transaction). Communication management, on the other hand, is traditionally centrally managed at a higher level (e.g., by a server for the source device and target device). The end result may be that the encryption management is procedurally unsynchronized with communications management. Thus, loose controls of encryption keys, as demonstrated in current public key infrastructure (PKI) instances, may result. In addition, loose controls of symmetric keys generated and distributed in an enterprise may also occur. Accordingly, an end result may be a breakdown in communication management or communication security. Similar problems confront other types of encryption objects.
Conventionally, no mechanism exists to automate obtaining and registering of keys across various local user applications at a communication device. Secure Shell (SSH) and other interface/protocol for system access conventionally focus on localized generation of encryption keys for user authentication. Some applications such as, but not limited to, messaging, communication applications, and the like may require separate distribution of symmetric and/or asymmetric keys for encrypted communications. Storage or distribution of encrypted information may require separate key management and distribution activities.